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In the claims : The claims are changed to be as follows: 

1. (Currently amended) A syste m for providing an analyaio of use 
in managing riok , the oyotcm comprising: 

a) a knowledge base, for maintaining a generic risk record 
including a plurality of fields at least some of which have 
subjective or quantitative values for risk, w ith the subjective 
values synchronized to numerical values , and at least some of 
which have been determined as an average of corresponding 
subjective or quantitative risk values in completed projects or 
processes ; 

b) a data store of profiles, for maintaining a profile risk 
record associated with a particular profile for a particular 
project or process, and including the same plurality of fields as 
the generic risk record, the profile risk record for use in 
providing a risk assessment in the associated profile for the 
particular project or process ; and 

c) a risk processor, for updating at least one of the 
subjective or quantitative values of the generic risk record 
based on a corresponding field value in the profile risk record 
in the data store of profiles , by averaging into the at least one 
value of the generic risk record the corresponding field value in 
the profile risk record ; 

whereby at least some of the subjective or quantitative 
values of the generic risk record are refined over time based on 
values of the corresponding fields of the profile risk record for 
the particular project or process . 

2. (Previously presented) The system of claim 1, wherein some of 
the subjective or quantitative values are values of measuring 
fields input by the user, and others are values of calculated 
fields calculated by the system, and the system allows different 
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modes of analysis in which the fields that are the measuring 
fields differ. 

3. (Original) The system of claim 2, wherein the modes of 
analysis include: 

a residual assessment mode, in which a user selects inherent 
values of likelihood and consequence for a risk, and a value, for 
each control for the risk, for effectiveness in either preventing 
the risk or reducing the consequence of the risk, and the system 
then calculates residual levels of likelihood, consequence and 
risk rating for the risk; 

an inherent assessment mode, in which a user selects 
residual values of likelihood and consequence for a risk, and a 
value, for each control for the risk, for effectiveness in either 
preventing the risk or in reducing the consequence of the risk, 
and the system then calculates the inherent levels of likelihood, 
consequence and risk rating for the risk; and 

a controls self -assessment mode, in which a user selects 
inherent values of likelihood and consequence for a risk, as well 
as residual values of likelihood and consequence for the risk, 
and the system then calculates the effectiveness of predetermined 
controls needed to either prevent the risk or to reduce the 
consequence of the risk. 

4. (Currently amended) The system of claim 1, wherein the system 
can be used in different modes of use, and further wherein only 
some of the fields of the generic risk record or the profile risk 
record are required to be used in the rialc a risk m anagement 
analysis, and which of the fields are required depends on the 
mode of use. 

5. (Previously presented) The system of claim 4, wherein both 
the generic risk record and the profile risk record each 
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comprise : 

a) a risk component, for indicating a risk, for indicating 
an inherent risk rating, and also for indicating a residual risk 
rating; 

b) a cause component, for indicating the cause of the risk; 

c) a consequence component, for indicating a particular 
consequence of the risk and an inherent and a residual cost of 
the particular consequence; and 

d) a control component, for indicating a control, for 
indicating whether the control is corrective or preventive, and 
for indicating the effectiveness of the control. 

6. (Previously presented) The system of claim 5, wherein in one 
mode of use an inherent risk impact cost is aggregated over the 
inherent cost of each consequence of the risk. 

7. (Previously presented) The system of claim 5, wherein in one 
mode of use the residual likelihood is an aggregate calculation 
based on the effectiveness of each preventive control acting on 
an inherent likelihood. 

8. (Previously presented) The system of claim 5, wherein in one 
mode of use a residual risk impact cost is aggregated over the 
residual cost of each consequence of the risk. 

9. (Original) The system of claim 1, further comprising a 
scripting facility for enabling a user to create a script 
directing how a risk management process is to be performed, the 
script indicating steps that can be used in performing risk 
analysis in any profile. 

10. (Previously presented) The system of claim 1, further 
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wherein the risk processor also uses the generic risk record to 
provide initial values for the profile risk record, whereby the 
profile risk record has initial values based on experience gained 
over time. 

11. (Currently amended) A method for udq by a oyotom in 
providing an analygio of udq in managing rick , comprising: 

a) a step of maintaining in a knowledge base a generic risk 
record including a plurality of fields at least some of which 
have subjective or quantitative values for risk, w ith the 
subjective values synchronized to numerical values , and at least 
some of which have been determined as an average of corresponding 
subjective or quantitative risk values in completed projects or 
processes ; 

b) a step of maintaining in a data store of profiles a 
profile risk record associated with a particular profile for a 
particular project or process, and including the same plurality 
of fields as the generic risk record, the profile risk record for 
use in providing a risk assessment in the associated profile for 
the particular project or process ; and 

c) a step of updating at least one of the subjective or 
quantitative values of the generic risk record based on a 
corresponding field value in the profile risk record in the data 
store of profiles, by averaging into the at least one value of 
the generic risk record the corresponding field value in the 
profile risk record; 

whereby at least some of the subjective or quantitative 

values of the generic risk record are refined over time based on 
values of the corresponding fields of the profile risk record for 
the particular project or process . 

12. (Previously presented) The method of claim 11, wherein some 

-5- 



Attorney Docket No.: 2-591,5 
Serial No. : 09/774, 538 

of the subjective or quantitative values are values of measuring 
fields input by the user, and others are values of calculated 
fields calculated by the system, and the method allows different 
modes of analysis in which the fields that are the measuring 
fields differ. 

13. (Previously presented) The method of claim 12, wherein the 
modes of analysis include: 

a residual assessment mode, in which a user selects inherent 
values of likelihood and consequence for a risk, and a value, for 
each control for the risk, for effectiveness in either preventing 
the risk or reducing the consequence of the risk, and the method 
then calculates residual levels of likelihood, consequence and 
risk rating for the risk; 

an inherent assessment mode, in which a user selects 
residual values of likelihood and consequence for a risk, and a 
value, for each control for the risk, for effectiveness in either 
preventing the risk or in reducing the consequence of the risk, 
and the method then calculates the inherent levels of likelihood, 
consequence and risk rating for the risk; and 

a controls self -assessment mode, in which a user selects 
inherent values of likelihood and consequence for a risk, as well 
as residual values of likelihood and consequence for the risk, 
and the method then calculates the effectiveness of predetermined 
controls needed to either prevent the risk or to reduce the 
consequence of the risk. 

14. (Currently amended) The method of claim 11, wherein the 
method can be used in different modes of use, and further wherein 
only some of the fields of the generic risk record or the profile 
risk record are required to be used in the riok a risk management 
analysis, and which of the fields are required depends on the 
mode of use. 
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15. (Previously presented) The method of claim 14, wherein both 
the generic risk record and the profile risk record each 
comprise : 

a) a risk component, for indicating a risk, for indicating 
an inherent risk rating, and also for indicating a residual risk 
rating; 

b) a cause component, for indicating the cause of the risk; 

c) a consequence component, for indicating a particular 
consequence of the risk and an inherent and a residual cost of 
the particular consequence; and 

d) a control component, for indicating a control, for 
indicating whether the control is corrective or preventive, and 
for indicating the effectiveness of the control. 

16. (Previously presented) The method of claim 15, wherein in 
one mode of use an inherent risk impact cost is aggregated over 
the inherent cost of each consequence of the risk. 

17. (Previously presented) The method of claim 15, wherein in 
one mode of use the residual likelihood is an aggregate 
calculation based on the effectiveness of each preventive control 
acting on an inherent likelihood. 

18. (Previously presented) The method of claim 15, wherein in 
one mode of use a residual risk impact cost is aggregated over 
the residual cost of each consequence of the risk. 

19. (Previously presented) The method of claim 11, further 
comprising a step of using a scripting facility to enable a user 
to create a script directing how a risk management process is to 
be performed, the script indicating steps that can be used in 
performing risk analysis in any profile. 
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20. (Previously presented) The method of claim 11, further 
wherein the risk processor also uses the generic risk record to 
provide initial values for the profile risk record, whereby the 
profile risk record has initial values based on experience gained 
over time. 
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